In a variety of industries and settings it is imperative to maintain data security in order to ensure the privacy of customers, clients, employees, etc. A preferred way of maintaining data security is through the use of encryption. Various forms of encryption may be used to encrypt information and multiple layers of encryption or protection may be used to protect sensitive data.
One industry, for which data protection is not only desirable but mandated, is the healthcare industry. The healthcare industry is moving toward maintaining healthcare records electronically. In this regard, the evolution of modern computing and networking technology has lead to a widespread adoption and increasing reliance on computers and associated software for facilitating patient treatment, maintaining patient treatment records, and for tracking and payment of charges attendant to patient treatment. For example, use of computing technology by health service providers has allowed for the creation and maintenance of electronic health record documents for patients, including medical treatment and diagnosis records, billing records, insurer explanation of benefits records, and payment records. Electronic maintenance of such records has offered several advantages to health service providers, including more ready access to patient health information and a reduction in reliance on cumbersome paper files, which may be burdensome to maintain and may be more susceptible to data loss than electronic systems.
The reliance on electronic health records introduces challenges for securely maintaining patient information and maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA was developed, in part, to define rules required to protect the confidentiality and security of healthcare information. Compliance with HIPAA has added complexities to the handling of patient data, particularly while balancing ease-of-use for healthcare providers with the necessary security to maintain patient privacy. One added complexity for compliance with HIPAA includes a requirement to log access to protected healthcare data. When protected healthcare data, such as an electronic health record, is accessed, the access event must be logged to at least identify who accessed the information, what information was accessed, and the date and time of the access event. When a healthcare provider searches for patient information, they may access a plurality of patients in an effort to locate the specific patient they are looking for. A log of each record that is accessed must be created such that a search for a single patient may result in dozens or hundreds of access events that must be logged. This requirement creates a substantial burden for the storage and maintenance of log files that can consume large amounts of data storage space.